misc: address review comments

Signed-off-by: Rudraksh Pareek <[email protected]>
accuknox · Apr 26, 2024 · 7033a7b · 7033a7b
1 parent c7acaf0
commit 7033a7b
Show file tree

Hide file tree

Showing 11 changed files with 37 additions and 30 deletions.
diff --git a/.github/workflows/action.yaml b/.github/workflows/action.yaml
@@ -20,9 +20,9 @@ env:
   CHART_NAME_KIEM: kiem-job
   CHART_PATH_KIEM: ./kiem-job
   CHART_REVISION_NAME_KIEM: kiem-job
-  CHART_NAME_RISK_ASSESSMENT: k8s-risk-assessment-job
-  CHART_PATH_RISK_ASSESSMENT: ./k8s-risk-assessment-job
-  CHART_REVISION_NAME_RISK_ASSESSMENT: k8s-risk-assessment-job
+  CHART_NAME_K8S_RISK_ASSESSMENT: k8s-risk-assessment-job
+  CHART_PATH_K8S_RISK_ASSESSMENT: ./k8s-risk-assessment-job
+  CHART_REVISION_NAME_K8S_RISK_ASSESSMENT: k8s-risk-assessment-job
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DEV_ACCESS_ID }}
   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DEV_SECRET_ID }} 
   AWS_REGION: us-east-1
@@ -77,7 +77,7 @@ jobs:
         chart-path: ${{ env.CHART_PATH_KIEM }}        
         revision-name: ${{ env.CHART_REVISION_NAME_KIEM}}         
 
-  chart-validate-risk-assessment:
+  chart-validate-k8s-risk-assessment:
     runs-on: ubuntu-latest
     if: always() && !contains(needs.tag-validate.result, 'failure')
     needs: [tag-validate]
@@ -87,8 +87,8 @@ jobs:
     - name: Validate helm chart
       uses: accuknox/common-gh-actions/actions/helm-check@main
       with:
-        chart-path: ${{ env.CHART_PATH_RISK_ASSESSMENT }}
-        revision-name: ${{ env.CHART_REVISION_NAME_RISK_ASSESSMENT}}
+        chart-path: ${{ env.CHART_PATH_K8S_RISK_ASSESSMENT }}
+        revision-name: ${{ env.CHART_REVISION_NAME_K8S_RISK_ASSESSMENT}}
 
   chart-push-k8s:
     runs-on: ubuntu-latest 
@@ -138,17 +138,17 @@ jobs:
         ecr-repo: ${{ env.REPO }}
         type: public
 
-  chart-push-risk-assessment:
+  chart-push-k8s-risk-assessment:
     runs-on: ubuntu-latest
-    needs: [chart-validate-risk-assessment]
+    needs: [chart-validate-k8s-risk-assessment]
     if: startsWith(github.ref, 'refs/tags/v')
     steps:
     - name: Checkout source
       uses: accuknox/common-gh-actions/actions/checkout-source@main
     - name: Push helm chart to ECR
       uses: accuknox/common-gh-actions/actions/helm-push@main
       with:
-        chart-path: ${{ env.CHART_PATH_RISK_ASSESSMENT }}
+        chart-path: ${{ env.CHART_PATH_K8S_RISK_ASSESSMENT }}
         version: ${{ github.ref_name }}
         ecr-region: ${{ env.AWS_REGION }}
         ecr-repo: ${{ env.REPO }}

diff --git a/cis-k8s-job/templates/cis-job.yaml b/cis-k8s-job/templates/cis-job.yaml
@@ -13,7 +13,7 @@ spec:
           containers:
           - image: accuknox/accuknox-job:latest
             command: ["/bin/sh", "-c"]
-            args: ['curl --location --request POST "https://cspm.$ENV_URL.accuknox.com/api/v1/artifact/?tenant_id=$TENANT_ID&data_type=KB&save_to_s3=true" --header "Authorization: Bearer $AUTH_TOKEN" --form "file=@\"./data/report.json\""']
+            args: ['curl --location --request POST "https://$ENV_URL/api/v1/artifact/?tenant_id=$TENANT_ID&data_type=KB&save_to_s3=true" --header "Authorization: Bearer $AUTH_TOKEN" --form "file=@\"./data/report.json\""']
             name: cis-k8s-cronjob
             resources: {}
             env:

diff --git a/cis-k8s-job/values.yaml b/cis-k8s-job/values.yaml
@@ -1,12 +1,12 @@
-# Default values for accuknox-cis-job.
+# Default values for cis-k8s-job.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
 accuknox:
   authToken: "NO-TOKEN-SET"
-  cronTab: "0 */4 * * *"
+  cronTab: "30 9 * * *"
   clusterName: ""
   label: ""
   clusterId: ""
   tenantId: ""
-  URL: "dev"
+  URL: "cspm.demo.accuknox.com"
diff --git a/k8s-risk-assessment-job/Chart.yaml b/k8s-risk-assessment-job/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-name: k8s-risk-assesment-job
+name: k8s-risk-assessment-job
 description: A Helm chart for creating AccuKnox k8s-risk-assessment job
 type: application
 version: 0.1.0

diff --git a/k8s-risk-assessment-job/README.md b/k8s-risk-assessment-job/README.md
@@ -1,4 +1,4 @@
-# AccuKnox k8s-risk-asessment Job
+# AccuKnox k8s-risk-assessment Job
 
 A job for scanning cluster misconfiguration through kubescape
 
@@ -13,7 +13,7 @@ helm upgrade --install k8s-risk-assessment-job -n k8s-risk-assessment --create-n
 ### Published
 
 ```
-helm upgrade --install k8s-risk-assessment-job oci://public.ecr.aws/k9v9d5v2/k8s-risk-assessment-job -n k8s-risk-assessment --create-namespace --set accuknox.authToken="TOKEN" .
+helm upgrade --install k8s-risk-assessment-job oci://public.ecr.aws/k9v9d5v2/k8s-risk-assessment-job -n k8s-risk-assessment --create-namespace --set accuknox.authToken="TOKEN"
 ```
 
 where TOKEN is issued from AccuKnox SaaS.
@@ -22,8 +22,8 @@ where TOKEN is issued from AccuKnox SaaS.
 
 | Helm key | Default Value | Description | Required |
 |----------|---------------|-------------| -------- |
-| accuknox.authToken | "NO-TOKEN-SET" | Auth token from AccuKnox SaaS | YES |
-| accuknox.URL | "cspm.dev.accuknox.com" | URL of the environment | YES |
+| accuknox.authToken | "NO-TOKEN-SET" | Auth token from AccuKnox SaaS | YES (auto-populated by SaaS) |
+| accuknox.URL | "cspm.dev.accuknox.com" | URL of the environment | YES (auto-populated by SaaS) |
 | accuknox.clusterName | "default" | name of the cluster | YES (auto-populated by SaaS) |
 | accuknox.tenantID | "" | ID of AccuKnox tenant | YES (auto-populated by SaaS) |
 | accuknox.cronTab | "0 */6 * * *" | cron tab for the job - timezone: UTC | NO |

diff --git a/k8s-risk-assessment-job/values.yaml b/k8s-risk-assessment-job/values.yaml
@@ -12,8 +12,8 @@ replicaCount: 1
 
 accuknox:
   authToken: "NO-TOKEN-SET"
-  URL: "cspm.dev.accuknox.com"
+  URL: "cspm.demo.accuknox.com"
   tenantID: ""
-  cronTab: "0 */6 * * *"
+  cronTab: "30 9 * * *"
   clusterName: ""
   label: ""
diff --git a/k8tls-job/Chart.yaml b/k8tls-job/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: k8tls-job
-description: A Helm chart for Kubernetes
+description: A Helm chart for running k8tls
 
 # A chart can be either an 'application' or a 'library' chart.
 #

diff --git a/k8tls-job/templates/k8tls-job.yaml b/k8tls-job/templates/k8tls-job.yaml
@@ -42,12 +42,20 @@ spec:
           containers:
           - image: accuknox/accuknox-job:latest
             command: ["/bin/sh", "-c"]
-            args: ["curl www.google.com && echo $AUTH_TOKEN && cat /data/report.json"]
+            args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
             name: k8tls-job
             resources: {}
             env:
+              - name: URL
+                value: {{ .Values.accuknox.URL }}
+              - name: TENANT_ID
+                value: {{ .Values.accuknox.tenantID | quote }}
               - name: AUTH_TOKEN
                 value: {{ .Values.accuknox.authToken }}
+              - name: CLUSTER_NAME
+                value: {{ if ne .Values.accuknox.clusterName "" }}{{ .Values.accuknox.clusterName }}{{ else }}{{ "default" }}{{ end }}
+              - name: LABEL_NAME
+                value: {{ if ne .Values.accuknox.label "" }}{{ .Values.accuknox.label }}{{ else }}{{ "default" }}{{ end }}
             volumeMounts:
               - mountPath: /data
                 name: datapath

diff --git a/k8tls-job/values.yaml b/k8tls-job/values.yaml
@@ -1,10 +1,11 @@
-# Default values for AccuKnox k8tls-job.
+# Default values for k8tls-job.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
 accuknox:
   authToken: "NO-TOKEN-SET"
-  cronTab: "0 */4 * * *"
+  cronTab: "30 9 * * *"
+  tenantID: ""
   clusterName: ""
   label: ""
-  URL: "dev"
+  URL: "cspm.demo.accuknox.com"
diff --git a/kiem-job/templates/deployment.yaml b/kiem-job/templates/deployment.yaml
@@ -27,7 +27,7 @@ spec:
                   mountPath: /data
           containers:
             - image: accuknox/accuknox-job:latest
-              command: ['sh', '-c', 'curl --location --request POST "https://cspm.${URL}.accuknox.com/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
+              command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
               name: accuknox-kiem-cronjob
               resources: {}
               env:

diff --git a/kiem-job/values.yaml b/kiem-job/values.yaml
@@ -6,10 +6,8 @@ replicaCount: 1
 
 accuknox:
   authToken: "NO-TOKEN-SET"
-  URL: "dev"
+  URL: "cspm.demo.accuknox.com"
   tenantID: ""
-  cronTab: "0 */6 * * *"
+  cronTab: "30 9 * * *"
   clusterName: ""
   label: ""
-
-